How long would it take your team to realize ransomware is already running? The newly identified ransomware families are already causing real business disruption. These threats can disrupt operations fast while also reducing visibility through stealth or cleanup activity, shrinking the time teams have to detect and contain the attack. Here’s what you should know about BQTLock and GREENBLOOD, and how your team can detect and contain them before…
Category: malware behavior
AI, ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, malware, malware behavior, Network Security, Risk Management
How to Build Threat Hunting that Defends Your Organization Against Real Attacks
Threat hunting is widely recognized as one of the most important capabilities of a mature SOC. It uncovers stealthy attackers early, reduces dwell time, and prevents security incidents from impacting the business. Yet, in practice, many organizations find that their threat hunting efforts don’t consistently deliver these outcomes. Let’s take a look at how high-performing security teams make threat hunting more repeatable, measurable, and effective. Why Threat Hunting Programs Often Fail Before They Start …
Cybersecurity, Exploits, Global Security News, Malware Analysis, malware behavior
Attackers Taking Over a Real Enterprise Email Thread to Deliver Phishing
Think you can trust every email that comes from a business partner? Unfortunately, that’s no longer guaranteed; attackers now slip into legitimate threads and send messages that look fully authentic. That’s exactly what happened in a new case uncovered by ANY.RUN researchers; a trust takeover inside a real executive discussion about a document awaiting final approval. By detonating the suspicious message, the investigation exposed the…
ANYRUN, Cybersecurity, Global Security News, malware behavior, Reports
Malware Trends Overview Report: 2025
Summarizing the past year’s threat landscape based on activity observed in ANY.RUN’s Interactive Sandbox, this annual report provides insights into the most detected malware types, families, TTPs, and phishing threats of 2025. For additional insights, view ANY.RUN’s quarterly malware trends reports. Key Takeaways Threat activity surged, with total sandbox sessions up 72% and malicious detections growing proportionally, reflecting increased frequency and depth of analysis among SOCs. Stealers and RATs maintain dominance, tripling in activity compared to 2024. Lumma and XWorm led malware family rankings, highlighting…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, malware behavior, News
Threat Coverage Digest: New Malware, Fresh Behavior Insights, and 5K+ Detection Rules
November was a packed month for detection coverage. We rolled out new behavioral insights, broadened our visibility across multiple threat families, and strengthened rulesets at every layer. On top of that, our analysts uncovered and documented a new phishing wave targeting Italian organizations through malicious PDF attachments, now fully mapped in a dedicated TI report. Let’s walk through…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, malware behavior, Service Updates
Threat Coverage Digest: New Malware Reports and 5K+ Detection Rules
November was a packed month for detection coverage. We rolled out new behavioral insights, broadened our visibility across multiple threat families, and strengthened rulesets at every layer. On top of that, our analysts uncovered and documented a new phishing wave targeting Italian organizations through malicious PDF attachments, now fully mapped in a dedicated TI report. Let’s walk through…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Exploits, Global Security News, Malware Analysis, malware behavior
ClickFix Explosion: Cross-Platform Social Engineering Turns Users Into Malware Installers
Eric Parker, a recognized cybersecurity expert, has recently released a video on ClickFix attacks, their detection, analysis, and gathering threat intelligence. Here is our recap highlighting the key points and practical advice. ClickFix as the Signature Threat of 2025 In 2025 the internet saw a sharp surge in a deceptively simple but highly effective social-engineering…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, malware behavior
New Malware Tactics: Cases & Detection Tips for SOCs and MSSPs
Recently, we hosted a webinar exploring some of the latest malware and phishing techniques to show how interactive analysis and fresh threat intelligence can help SOC teams stay ahead. ANY.RUN’s experts outlined the evolving landscape of malware tactics, highlighted real-world examples of sophisticated attacks, and provided practical detection tips for analysts. You can watch…
ANYRUN, Cybersecurity, Global Security News, Guest Posts, Malware Analysis, malware behavior
Phishing, Cloud Abuse, and Evasion: Advanced OSINT Investigation with ANY.RUN Threat Intelligence
Editor’s note: The current article is authored by Clandestine, threat researcher and threat hunter. You can find Clandestine on X. ANY.RUN’s Threat Intelligence (TI) Lookup is a powerful service for Open Source Intelligence (OSINT) and Threat Intelligence investigations. In this research, we shall analyze 5 specific queries, each targeting different aspects of the threat landscape, to better…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, malware behavior, North America
FunkSec’s FunkLocker: How AI Is Powering the Next Wave of Ransomware
Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X. AI is part of our lives whether we like it or not. Even if you are not quite a fan, or not a user at all, you probably came across multiple AI-generated avatars, pictures,…
ANYRUN, Cybersecurity, Global Security News, Malware Analysis, malware behavior
Fighting Telecom Cyberattacks: Investigating a Campaign Against UK Companies
Telecommunications companies are the digital arteries of modern civilization. Compromise a major telecom operator, and you don’t just steal data — you gain the power to intercept communications, manipulate network traffic, and bring entire regions offline. Every day, ANY.RUN’s solutions process thousands of threat samples, and hidden within them are patterns of activity targeting telecom operators.…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, malware behavior
Lazarus Group Attacks in 2025: Here’s Everything SOC Teams Need to Know
The Lazarus Group, North Korea’s state-sponsored hacking collective, has held the title of the most notorious advanced persistent threat (APT) for almost two decades now. In 2025, it escalated its cyber operations, targeting tech industries with fake IT workers, fraudulent job interviews, and hijacked open-source software. It’s time to take a closer look at its…
ANYRUN, Cybersecurity, Emerging Tech, Global Security News, Malware Analysis, malware behavior
Salty 2FA: Undetected PhaaS from Storm-1575 Hitting US and EU Industries
Today, phishing accounts for the majority of all cyberattacks. The availability of low-cost, easy-to-use Phishing-as-a-Service (PhaaS) platforms like Tycoon2FA, EvilProxy, and Sneaky2FA only makes the problem worse. These services are actively maintained by their operators; new evasion techniques are regularly added, and the multi-layered infrastructure behind the phishing kits continues to evolve and expand. But…
ANYRUN, Cybersecurity, Exploits, Global Security News, Malware Analysis, malware behavior
Major Cyber Attacks in July 2025: Obfuscated .LNK‑Delivered DeerStealer, Fake 7‑Zip, and More
While cybercriminals were working overtime this July, so were we at ANY.RUN — and, dare we say, with better results. As always, we’ve picked the most dangerous and intriguing attacks of the month. But this time, there’s more. Alongside the monthly top, we are highlighting a key trend that’s been powering campaigns throughout 2025: the…
ANYRUN, Cybersecurity, Emerging Tech, features, Global Security News, malware behavior, Service Updates
Free. Powerful. Actionable. Make Smarter Security Decisions with Live Attack Data
Threat Intelligence in ANY.RUN continues to evolve — not only by adding more features, but by making the right ones easier to use. We’ve simplified access to ANY.RUN Threat Intelligence with a free version of TI Lookup. You now can explore Public Samples, TTPs, Suricata rules, and malware trends inside our Threat Intelligence product…
ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Exploits, Global Security News, Malware Analysis, malware behavior
How to Spot Registry Abuse by Malware: Examples in ANY.RUN Sandbox
When malware infiltrates a system, it doesn’t always make noise. In fact, some of the most dangerous threats operate quietly, embedding themselves deep within the system and ensuring they come back even after a reboot. One of the most common ways they achieve this is by abusing the Windows Registry. In this article, we’ll walk…
ANYRUN, Global Security News, Malware Analysis, malware behavior
How MSSPs Can Analyze and Investigate Phishing Attacks with ANY.RUN
Phishing attacks have become a pervasive and escalating threat across various industries, notably in finance, manufacturing, and healthcare. For Managed Security Service Providers (MSSPs), the challenge lies in swiftly identifying and mitigating these threats to safeguard client infrastructures and uphold service integrity. This case study explores how ANY.RUN’s Threat Intelligence Lookup and Interactive Sandbox can…
ANYRUN, Cybersecurity, Global Security News, malware, Malware Analysis, malware behavior, North America
How Adversary Telegram Bots Help to Reveal Threats: Case Study
While analyzing malware samples uploaded to ANY.RUN’s Interactive Sandbox, one particular case marked as “phishing” and “Telegram” drew the attention of our security analysts. Although this analysis session wasn’t attributed to any known malware family or threat actor group, the analysis revealed that Telegram bots were being used for data exfiltration. This led us to…
